Embed Size (px)
Citation preview
Efficient implementation of
multivariate quadratic polynomial
on Graphics Processing Units
Kouichi SAKURAI
Kyushu Univ. JAPAN
NSC-JST Joint workshop on “ICT” 27th-28th Nov 2012
My Personal/Academic with 台湾
• First visit 台湾(台北, 台南or 高雄?)2000??
• 2003
▫ 37th IEEE International Carnahan Conference on Security Technology (ICCST ’03), Oct 台北
▫ 9th Asiacrypt’2003, Dec 台北 (by Chi Sung Laih)
• 2007: MOU between ISIT and TWISC & NTUST ▫ Institute of Systems and Information Technology (福岡市)
▫ Taiwan Information Security Center (by D.T.Lee)
▫ NTUST:School of management, National Taiwan University of Science and Technology (by T.C. Wu)
2
My Personal/Academic 台湾 (II)
• 2008: Japan-Taiwan Joint Research on Cryptography and Information Security towards next IT-society
• 福岡 FUKUOKA SRP Center Building, Fukuoka, Japan, October • • Hosted by Institute of Systems, Information Technologies and
Nanotechnologies(ISIT) and Interchange Association, Japan (IAJ 交流協会). • Sponsored by National Science Council and Taipei Economic & Cultural
Representative Office in Japan.
• The research of Cryptography and Information Security has many topics, from theory to application including policy, and it is international. This joint-seminar would enhance the researchers both of Japan and Taiwan to collaboration with understanding each major research areas, and complement the difference of their original research topics towards the next step of explicit joint-research with individual researchers.
3
2nd Japan-Taiwan Joint Research Symposium on Cryptography and
Information Technology toward Next IT-society 2010 NOV. 15th-16th
漢来大飯店 (15F, Chatter Room) 高雄市 • 李徳財(Dr. Der-Tsai Lee, Academician)中央研究院(Academia Sinica) 呉宋成(Prof. Tzong-Chen Wu, Ph.D.) 中華民国資通安全学会 理事長 • 官大智(国立中山大学), 楊中皇(国立高雄師範大学), 荘文勝(国立高雄第一科技大学) • 羅乃維(国立台湾科技大学) , 陳Chia Mei(国立中山大学) • 簡宏宇((National Chi Nan Univ.), 范俊逸 ( 国立中山大学) • 鄭振牟(国立台湾大学), 楊柏因(中央研究院) • 王智弘(国立嘉義大学), 郭文中(国立虎尾科技大学) --------- 岡本栄司(Eiji Okamoto, Ph.D.) 筑波大学 (University of Tsukuba) 満保雅浩(Masahiro Mambo, Ph.D.) 筑波大学 (University of Tsukuba) 金岡晃 (Akira Kanaoka, Ph.D.) 筑波大学 (University of Tsukuba) 櫻井幸一(Sakurai Kouichi, Ph.D.)九州大学 (Kyushu University) / *1 佐久間淳(Jun Sakuma, Ph.D.) 筑波大学 (University of Tsukuba) 安藤類央(Ruo Ando, Ph.D. 情報通信研究機構(NICT)) 崎山一男(Kazuo Sakiyama, Ph.D.) 電気通信大学 (The University of Electro-Communications) 松浦幹太(Kanta Matsuura, Ph.D.) 東京大学 (The University of Tokyo) 西出隆志(九州大学) 江藤文治(九州先端科学技術研究所) et.al.
4
Some of my Supervised 台湾留学生
• En-Jung Farn (2010) ▫ Ph.D Student of Dept of Computer Science National Tsing
Hua University ▫ 父 Prof. Dr. FARN ▫ En-Jung Farn and Chaur-Chin Chen,
"Jigsaw puzzle images for steganography," Optical Engineering, 48(7): 077006 (July 2009) (SCIE)
• 周士博
▫ Ms student (Now working with NIFTY日本 ) ▫ "Detecting Primary User Emulation Attack with Two
Users Cooperative Scheme in cognitive radio networks” ▫ 母:Prof. Wuu Lih-Chau (国立雲林科技大學)
5
Brief History of Multivariate Quadratic Crypto
• Matsumoto-Imai Eurocrypt 1988 RSA (1978) Elliptic Curve Crypto (1985)
• Based on multivariate quadratic polynomials. ▫ Note that Solving systems of multivariate polynomial
equations is proved to be NP-complete
• Attacked by Pataran (Crypto’95)
• Modified by Pataran et al (EuroCrypt’96~)
▫ Oil and Vinegar (Attacked and Revised …..)
6
Post-Quantum Cryptography
(after Shor 1994) • Shor FOCS'9 4
▫ “Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer”
• No more RSA nor ECC if Quantum Computer • Cryptostems from NP-complete problme
▫ ReInvente Matsumoto-Imai ! E.g Rainbow (2005)
• 4th PQ-crypto workshop, 2011 台北 ▫ Program Chair: Bo-Yin Yang (Academia Sinica) ▫ General chair: Chen-Mou Cheng (NTU)
7
Two Aspects of Fast computation on Cryptography
• Efficent implementation of crypto-algorithms ▫ Today’s talk on GPU faster on Stream cipher
• Cryptanalysis via Fast Processors ▫ ECC2K-130 on NVIDIA GPUs [IndoCrypt2010] ▫ D. J. Bernstein and H-C Chen and C-M Cheng and T. Lange and R.
Niederhagen and P. Schwabe and B-Y Yang (欧米台)
▫ Certicom ECC2K-130 challenge is to compute an elliptic-curve discrete logarithm on a Koblitz curve over F_2^131, of which cost of the computation to approximately 2^77 bit operations in 2^61 iterations.
▫ Rresulting GPU software performs more than 63 million iterations per second, including 320 million F_2^131 multiplications per second, on a $500 NVIDIA GTX 295 graphics card.
8
Histroy of Today’ Research Introduction with 台湾
• 2011Oct. “Fast Implementation and Experimentation of Multivariate Polynomial Cryptosystems on GPU,” 6th Joint Workshop on Information Security (JWIS2011), 高雄/台湾 by S.Tanaka, T.Nishide & K. SAKURAI
• 2011 Nov. : Send Mr.Tanaka(1st PhD) to Prof. ChengM.Cheng &Dr. BI Yang
• 2012a “Efficient Implementation of Evaluating Multivariate Quadratic System with GPUs,” 6th International Workshop on Advances in Information Security(WAIS 2012), by S.Tanaka, T.Nishide & K. SAKURAI
• 2012b "Efficient Parallel Evaluation of Multivariate Quadratic Polynomials on GPUs,” 13th International Workshop on Information Security Applications(WISA 2012) by S. Tanaka, T. Chou, Bo-Yin Yang, Chen-Mou Cheng,& Kouichi Sakurai
9
Efficient Parallel Evaluation of
Multivariate Quadratic
Polynomials on GPUs
Satoshi Tanaka, Tung Chou,
Bo-Yin Yang, Chen-Mou Cheng, Kouichi Sakurai
This work is partially supported by JST, Strategic Japanese-Indian Cooperative Program on Multidisciplinary Research Field, which combines Information and Communications Technology with Other Fields
† ‡
‡ *
†
†Kyushu University, Japan ‡Academia Sinika, Taipei, Taiwan *National Taiwan University, Taipei, Taiwan
Introduction
• Multivariate cryptography
▫ Public key: multivariate polynomial system
e.g. n unknowns and m polynomials system
▫ Security: hardness of solving systems
11
QUAD Stream Cipher[EuroCrypt2009]
•
12
QUAD Stream Cipher
•
13
GPGPU
• It is a technique for performing general-purpose computation with Graphical Processing Units (GPUs)
▫ GPU has a large amount of power of computation
• GPUs have a SIMD architecture
▫ It is better to handle several simple tasks
14
GPGPU for NVIDIA Architecures
• CUDA API
▫ Develop environment for GPU based on C language
15
host (computer)
device (GPU)
Related Works
• Efficient implementations of Berbain et al.
▫ They showed some strategies of efficient implementations for multivariate cryptography
▫ They implemented several multivariate cryptosystems
The throughput of QUAD(2,160,160) is 8.45 Mbps
16
[BBG]Berbain C., Billet, O., and Gilbert, H.,
“Efficient Implementations of Multivariate Quadratic Systems.” In Computer Science 2007.
[BBG]
Implementation Strategy
•
17
[BBG]
[BBG]Berbain C., Billet, O., and Gilbert, H.,
“Efficient Implementations of Multivariate Quadratic Systems.” In Computer Science 2007.
Basic Strategy of Parallelization
•
18
Parallelization Method 1
• Reshape triangular to rectangle matrix
19
Parallelization Method 1
• Optimization on NVIDIA GeForce GTX 580
▫ Setting non-zero variables to groups every 31 non-zero variables as k-set.
▫ Assuming a 31k-degree triangular matrix
Reshape to a 16k×31k (as 15k×32k) rectangle matrix
20
Parallelization Method 2
21
• Treat a polynomial as a vector
• Separate subvectors
Parallelization Method 2
•
22
Analysis
•
23
Additions Multiplicatoins
Original
Berbain et al.
Parallelization method 1
Parallelization method 2
Experimentation
•
24
Result
25
0
2000
4000
6000
8000
10000
12000
14000
32 128 224 320 416 512
CPU Strategy 1 Strategy 2
Computational time [us]
Unknowns
Result
• Encryption throughput of QUAD
26
Conclusion
• We present two parallelization methods for accelerating the evaluation of multivariate quadratic polynomial systems
▫ Parallelization strategy 2 is the fastest
▫ We expect QUADs with the strategy 2 will become efficient and secure stream ciphers
• Our approaches can be applied to other multivariate cryptosystems
27
Multivariate Quadratic Crypto Workshop
• 2013, March, 2nd&3rd 福岡(ISIT/SRP)
▫ (Just after PKC@奈良)
• Support by GCOE-program of Math/MI@KyushuUniv.
• Locally organized by Institute of Systems, Information
Technologies and Nanotechnologies(ISIT) , IT-security Division
• Two Invited Speakers (Appointed/Confirmed) from 台湾
▫ 鄭振牟(Chen-Mou Cheng)国立台湾大学
▫ 楊柏因(Bo-Yin Yang) 中央研究院
28
29
